By John Oates, 26 October 2001 17:15
NEWS Ryanair has defended its decision to force pilots to apply for jobs with the company through an insecure webpage. Ryanair admitted earlier this week that it had deleted all pilot details from its existing databases. Anyone wishing to be considered for a job from now on must apply online, and are also forced to pay £50 for their CV to be read. But the website has no security provisions in place, and despite silicon.com's attempts to point out the folly of this, will not secure it until the middle of next week. Details including addresses, flying experience and credit card numbers are all sent to Ryanair by an unencrypted email. Michael O'Leary, the chief executive of Ryanair, appeared on the BBC's Working Lunch programme today following silicon.com's original story, but dismissed criticism of the company. He said hundreds of people had already applied. He added that the site will be secure by Wednesday but until then it is staying up as it is. Security experts greeted the news with disbelief. Neil Hare-Brown, director of QCC Information Security, said: "There's no encryption here. That information is going across the internet in a clear form. It would be very, very easy to intercept. Also the information will be cached on the computer and available to anyone who has access to that PC. "This is particularly derelict because they must already have a server-side certificate. All it takes is for someone to put one little piece of code in that page, they've already bought the certificate."
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below